How to protect your machines and plant from Ethernet and web-based connections intruders?

More of the automation we install on our machines has Ethernet and web-based connections. This helps with remote troubleshooting and enterprise reporting, but some customers worry that their connected factory floor is vulnerable to internal input mistakes that can cascade through an entire process. What kind of prioritized operator and technician HMI access can protect the process, but still give us the links needed to the outside?